TLDR:

• An attacker drained 116,500 rsETH worth $292M from Kelp DAO’s LayerZero-powered bridge in one attack.
  
• Stolen rsETH was deposited on Aave, Compound, and Euler as collateral to borrow ETH, creating bad debt.
  
• Kelp DAO paused rsETH contracts on Ethereum mainnet and multiple L2s while coordinating with security experts.
  
• Over $600M was stolen from more than 10 DeFi protocols in two weeks, with AI accelerating hacker capabilities.

Kelp DAO suffered a major security breach involving its LayerZero-powered rsETH cross-chain bridge. The attacker drained 116,500 rsETH tokens worth approximately $292 million from the protocol.

The stolen assets were then used as collateral on major lending platforms to borrow ETH. Kelp DAO paused rsETH contracts across the Ethereum mainnet and several Layer 2 networks amid the crisis.

Security experts from multiple organizations quickly joined the investigation as it got underway.

How the Kelp DAO rsETH Bridge Exploit Unfolded

The attacker targeted the LayerZero bridge within Kelp DAO’s cross-chain system. Some 116,500 rsETH tokens were drained during the attack.

The stolen funds were transferred to lending platforms including Aave, Compound, and Euler. There, the attacker used rsETH as collateral to borrow ETH, creating bad debt across those protocols.

Kelp DAO confirmed the breach through its official X account that day. The protocol stated it had identified suspicious cross-chain activity involving rsETH.

Contracts were paused across mainnet and several Layer 2 networks accordingly. The team coordinated with LayerZero, Unichain, auditors, and security experts on root cause analysis.

Aave and several protocols froze or paused rsETH-related markets in response. This step aimed to limit further losses across affected platforms.

The AAVE token fell to $99.60 amid reports of growing bad debt from the exploit. Activity in impacted markets slowed as users closely tracked the situation.

Kelp DAO advised users to rely solely on its official handle for accurate updates. No attacker was publicly identified while investigations remained active.

Multiple security firms assisted Kelp DAO’s internal team throughout the analysis process. The full breach scope had not been confirmed at the time of reporting.

$600 Million Stolen From DeFi Protocols in Two Weeks

The Kelp DAO breach came amid a broader wave of DeFi attacks in April 2026. Over $600 million was stolen from more than 10 protocols in two weeks.

Analyst Jeremy noted that AI is helping hackers execute attacks more efficiently. He identified the Kelp DAO incident as the year’s biggest DeFi hack.

Drift Protocol also lost $285 million to North Korean hackers using AI-powered social engineering. Those hackers spent months building insider trust before striking.

Once positioned, the full attack unfolded in just 12 minutes. Rhea Finance separately lost $18 million through fake token pools that misled its oracle into approving withdrawals.

Further incidents targeted Grinex, Hyperbridge, Aethir, Dango, and Silo Finance. Grinex, a sanctioned Russian exchange, lost $15 million before suspending all operations.

An attacker on Hyperbridge minted one billion fake bridged DOT tokens notionally worth over $1 billion. However, thin liquidity meant only around $237,000 was actually extracted.

CoW Swap and Zerion were also hit in the same two-week stretch. CoW Swap’s frontend was hijacked through a DNS attack that led users to a phishing page.

Zerion suffered credential theft through North Korean social engineering. The pattern across all these attacks reflects an expanding threat to the broader DeFi sector.

TLDR:

• Security researcher Alex “Scalar” Sol reported four Zcash vulnerabilities on April 4, 2026, via coordinated disclosure channels.
  
• A crafted Orchard transaction with an all-zeros randomized key could crash any reachable zcashd or Zebra node instantly.
  
• A turnstile accounting bug introduced in zcashd v5.10.0 could be triggered by routine peer-to-peer duplicate block headers.
  
• Mining pools ViaBTC, Luxor, F2Pool, AntPool, and Foundry all deployed patches before the public release on April 17, 2026.

Zcash vulnerabilities have been patched across two full-node implementations following a coordinated security disclosure.

On April 17, 2026, Zcash Open Development Lab released zcashd v6.12.1, while the Zcash Foundation released Zebra v4.3.1. Security researcher Alex “Scalar” Sol reported the issues on April 4, 2026.

Four vulnerabilities were addressed, covering a node crash bug, a consensus enforcement gap, and a turnstile accounting bypass. No user funds were compromised, and no ZEC supply inflation occurred at any point.

Four Bugs Identified Across Both Zcash Full-Node Clients

The most directly exploitable bug was an Orchard transaction crash present in both zcashd and Zebra. A crafted transaction with an all-zeros randomized key encoding could immediately crash any node processing it.

Repeated broadcasting of such a transaction could effectively prevent nodes from participating in the network. No transactions triggering this condition were found on the Zcash mainnet before the patch.

A related enforcement gap also existed between the two implementations. Zebra already enforced a protocol requirement on ephemeral public keys within Orchard actions, but zcashd did not.

This meant a crafted transaction could be accepted by zcashd while being rejected by Zebra. Such a transaction could have forced a visible chain fork between nodes running different clients.

A separate bug in zcashd, introduced with v5.10.0 in August 2024, could disable turnstile accounting under certain conditions.

Receiving a duplicate block header from a peer could silently reset pool balance tracking to null. This condition could arise from ordinary peer-to-peer network behavior, not only from deliberate attack. The turnstile tracks ZEC balances across shielded and transparent value pools and serves as a critical safety layer.

Even so, this bug was not independently exploitable to steal or inflate ZEC. The official disclosure confirmed that “exploiting it to steal funds would require a separate, independent balance vulnerability on top of it.”

Any resulting turnstile violation would also have been publicly visible as a detectable chain anomaly. No such anomaly occurred on the Zcash mainnet before the fix was deployed.

Mining Pools Deploy Patches Before Public Disclosure

Zcash Open Development Lab addressed the disclosure directly, stating: “Mining pools representing a supermajority of the network’s hash power, and the primary operator running Zebra in mining production, deployed patches prior to this disclosure.”

ZODL engineers Kris Nuttycombe and Daira-Emma Hopwood authored the zcashd patches and reviewed each other’s work.

Nuttycombe addressed the Orchard crash, enforcement gap, and turnstile accounting bug. Hopwood authored hardening patches for integer overflow undefined behavior and exception safety.

Mining pools ViaBTC, Luxor, F2Pool, and AntPool — each running zcashd — were contacted directly for coordination. Foundry, which runs Zebra in mining production, also deployed its patch ahead of public release.

The Zcash Foundation’s Conrado Gouvêa separately developed and delivered the Zebra patch. This outreach ensured network stability was preserved throughout the entire disclosure process.

The zcashd v6.12.1 release also included broader hardening changes beyond the core vulnerability fixes. A chain supply value checkpoint was added at NU6.1 activation to enable future corruption detection.

Integer overflow protections were added across pool balance accumulation routines in multiple code paths. These additions provide an extra defense layer against edge-case exploitation scenarios.

This marks the second set of Zcash vulnerabilities disclosed within a month. On X, Zcash Open Development Lab stated: “We have no evidence that any of these bugs were exploited.

User funds and privacy were never at risk, and no ZEC supply inflation was possible.” Alex “Scalar” Sol also reported the March 2026 Sprout verification vulnerability through the same coordinated channels. Users running either zcashd or Zebra should upgrade to the latest patched versions immediately.

The Bitcoin mining landscape tightened again as the network’s difficulty dipped on the latest adjustment, underscoring the pressure facing public mining operators that have been selling BTC to fund ongoing costs amid higher energy prices and a subdued price environment. Data from CoinWarz placed the current mining difficulty at about 135.5T, a roughly 1.1% decline over the prior 24 hours, signaling a modest relief for issuers still dealing with razor-thin margins.

Looking ahead, CoinWarz estimates the next adjustment will push the difficulty higher to around 137.43T, with the change expected on May 1, 2026, at about 01:24 PM UTC. The calculation places the shift at 1,865 blocks from now, roughly 12 days, 18 hours, and 41 minutes of lead time. These sequential moves illustrate the ongoing tug-of-war between miners’ costs and the rewards embedded in the BTC network’s protocol.

Key takeaways

• The Bitcoin network’s mining difficulty fell to roughly 135.5T, a 1.1% drop in the last 24 hours, signaling continued strain in a sector under cash-flow pressure.
• The next difficulty adjustment is projected to rise to about 137.43T on May 1, 2026, after 1,865 blocks, roughly 12 days and change from now.
• Publicly traded mining firms sold more BTC in Q1 2026 than in all of 2025 combined, totaling over 32,000 BTC, according to TheEnergyMag.
• Consolidated BTC sales by MARA, CleanSpark, Riot, Cango, Core Scientific and Bitdeer exceeded 20,000 BTC in Q2 2022, a period associated with the Terra-Luna collapse and a then-deep bear market.
• CoinShares’ Q1 2026 mining report shows about 20% of miners are unprofitable under current economics, highlighting persistent profitability headwinds despite operational changes by miners.

Record BTC liquidation and its implications for the sector

Publicly traded Bitcoin miners have increasingly relied on selling mined BTC to cover ongoing operating costs, a practice that has intensified as price swings and energy costs squeeze margins. The EnergyMag’s compilation indicates that in Q1 2026, a cohort of major players—MARA, CleanSpark, Riot Platforms, Cango, Core Scientific and Bitdeer Technologies—sold more than 32,000 BTC in aggregate. That figure surpasses the total BTC sold in all four quarters of 2025 combined, underscoring how the economics of mining have shifted toward cash preservation and liquidity management in a tougher market.

To put the scale in perspective, the Q1 2026 tally surpassed the 20,000 BTC sold in Q2 2022, a period that overlapped with the Terra-Luna collapse and a broad crypto downturn. The parallel illustrates how the sector’s response to stress has evolved: where miners once leaned on revenue timing and hedging, they now face a higher burden to convert freshly minted BTC into fiat to pay for electricity, hosting, and other fixed costs as the market’s risk premium remains elevated.

Miners typically unwind BTC holdings to meet operating expenses denominated in fiat, making their cash flow acutely sensitive to both BTC price fluctuations and the cost of power. The broader backdrop has grown more challenging as energy prices have trended higher in many regions and the crypto bear market extended its course through late 2025 and into 2026. The difficulty trend compounds these pressures: even as the price swings rattle sentiment, the network’s computational difficulty continues to trend upward, complicating profitability for operators with under-water margins.

Profitability under pressure: a closer look at the data

CoinShares’ Q1 2026 mining report provides a sobering frame for the environment miners operate within. The study notes that about one-fifth of miners are unprofitable under current economics, a figure that signals that a significant slice of the mining sector remains at a break-even or loss point given prevailing BTC prices and energy costs. The report characterizes Q4 2025 as the most challenging quarter for Bitcoin mining since the April 2024 halving, due largely to a sharp price correction in October 2025 that pulled BTC from peaks around $125,000 to roughly $86,000 by year-end. Coupled with rising difficulty, these dynamics compressed margins and forced many operators to contend with tighter balance sheets.

Alongside these dynamics, the sector’s debt and capital expenditure plans—driven by the need to deploy new hardware and secure low-cost power—continued to shape strategic decisions. As operators balance capex with income, the ability to sustain production without eroding balance sheets remains a material question for 2026. The broader market has watched for any regulatory developments that could alter energy costs, tax treatment of mining, or access to cheaper electricity in key basins, all of which could tilt profitability in the months ahead.

Why this matters for investors and builders

From an investor perspective, the combination of rising difficulty and persistent BTC sales by miners creates a nuanced risk profile. On one hand, a higher difficulty suggests that continuing hardware investment could be necessary for those seeking to maintain production levels and capture block rewards. On the other hand, if miners’ cash flow remains constrained, they may favor further asset sales or debt-funding mechanisms, potentially creating selling pressure on BTC and altering the supply dynamics in the near term.

For builders and infrastructure operators, the current environment highlights the importance of energy strategy and location economics. Regions with access to affordable power remain the most competitive, and those with regulatory clarity around mining operations could attract future deployments. The fact that a significant share of miners remains unprofitable increases the emphasis on efficiency gains—from chip technology and cooling innovations to load management and energy hedging strategies.

Regulators, too, are watching profitability trends as a signal of the sector’s resilience. As the mining industry contends with structural shifts—price volatility, energy costs, and the ongoing evolution of carbon and energy policies—the sector’s next moves could influence broader market sentiment and adoption of blockchain-based use cases that rely on robust, secure mining networks.

What to watch next

The next Bitcoin network difficulty adjustment—expected in early May 2026—will be a key data point for assessing whether miners can sustain operations under the current cost structure. Additionally, BTC price action into spring and summer 2026 will interact with mining economics in meaningful ways. Investors and operators should monitor energy price trends, operational expenditures, and any regulatory signals that could alter the cost of running mining facilities. If the sector can stabilize cash flow and leverage efficiency gains, the coming quarters may reveal a more resilient mining landscape even as the market remains cautious.

Ultimately, the story today is one of a sector recalibrating to a tougher macro and micro environment. How mining firms adapt—through cost discipline, technology upgrades, and strategic hedging—will shape the degree to which Bitcoin mining remains a volatile but enduring edge of the crypto economy.

US Senator Elizabeth Warren has accused Paul Atkins, the head of the Securities and Exchange Commission, of possibly lying to Congress about the agency’s enforcement numbers.

Warren, the top Democrat on the Senate Banking Committee, said in a letter to Atkins dated Wednesday that the SEC’s enforcement data for fiscal year 2025, released on April 7, raised “significant concerns” about his answers at a Feb. 12 congressional hearing.

“At the hearing, I specifically asked you to comment on publicly available data highlighting a decline in SEC enforcement activity,” Warren said. “In response, you demurred, stating that you were ‘not sure what data’ I was looking at.”

“Now, it is clear that my assertion regarding the SEC’s declining enforcement actions was correct: the data you released last week show that the number of enforcement actions initiated by the SEC was lower than at any point in the last decade,” she added.

The SEC has rolled back its enforcement against crypto companies under the Trump administration, settling or dismissing crypto-related lawsuits the agency launched under the Biden administration, garnering criticisms from some lawmakers.

Warren said the SEC’s enforcement data was “deeply disturbing” and showed it had “largely abdicated its enforcement responsibilities” as the agency’s enforcement activity had dropped to the lowest level in more than 20 years.

She told Atkins that, in light of the data, his answers at the hearing in February “were deeply troubling and raise concerns that you may have been deliberately trying to mislead the Committee about the state of SEC enforcement.”

Related: US SEC taps new enforcement chief amid questions over predecessor’s exit

Warren said the hearing took place more than four months after the end of the 2025 fiscal year, and Atkins’ “deflection and claim to be unsure of the ‘data’ I was examining now appear deeply misleading, potentially designed to cast doubt on the now obvious fact that enforcement activity has declined significantly at the Commission under your watch.”

Warren’s letter asked Atkins a series of questions about whether he was aware of the SEC’s enforcement efforts at the time of his testimony and requested that he explain the agency’s decline in enforcement.

The letter asked Atkins to respond to the questions by April 28.

The SEC did not immediately respond to a request for comment.

Magazine: Trump’s crypto ventures raise conflict of interest, insider trading questions